Compliance system for the prevenztion of corruption

Introduction

Abengoa’s Compliance System for the Prevention of Corruption is designed to prevent, detect, and punish any failure to comply with all anti-corruption laws, standards, or principles that may affect the Company, with special emphasis on the United States Foreign Corrupt Practices Act (FCPA) and on the British Bribery Act 2010.

The Compliance System is in line with Abengoa’s values and principles addressed in the Code of Conduct¹ , including integrity, legality, professional rigour, confidentiality, quality, corporate culture, and compliance with the Shared Management Systems.

Abengoa is fully committed to the fight against corruption. Abengoa entered the United Nations Global Compact² on November 20, 2002. Signing companies are committed to conduct their operations in accordance  with ten principles based on universal declarations and conventions, which include the fight against corruption in all its forms, such as extortion, fraud, and bribery.

In 2013, Abengoa strengthened this commitment by creating a compliance unit inside General Secretary. In 2014, said unit gained autonomy by separating its duties from that of the General Secretary, and by reporting directly to the Board of Directors.

For the design of its Compliance System, Abengoa has been guided by the United Nations Convention against Corruption (UNCAC, October 2003) and the FCPA (Foreign Corrupt Practices Act) Compliance Guide, published by US Department of Justice on November 2012, as well as several reference documents and the best practices of the sector in this field, all of this being adapted to the actual functioning of Abengoa and the markets in which it operates.

The system is propelled by the company’s management body and it reaches every employee, manager, and board member of Abengoa and all other companies under its control.

A compliance system does not guarantee the non-occurrence of irregularities, but it helps to prevent it. Moreover, it significantly increases the probability of their identification and mitigation.

The 10 key elements of Abengoa’s Compliance System are arranged according to 3 dimensions:

• Organizational culture and communication

1. Senior management commitment, supervising and implementing the system, to ensure that the strategy is aligned with compliance.

2. A Chief Compliance Officer with direct access to the Board of Directors, with autonomy and sufficient resources to appropriately supervise compliance with the System.

3. Code of Conduct, which explicitly establishes the zero tolerance of Abengoa.

4. Training seminars on the topic for all employees and customized training for key staff.

• Procedures and policies implemented in Abengoa

5. Abengoa’s Shared Management Systems, which comprehends policies, procedures, and risks models, are aligned with the Compliance System.

6. Risks assessments in each relevant decision process.

7.Designed procedures for higher potential risks areas:

A. Donations and gifts.

B. Control, follow-up, and due diligence of third parties, including sales agents and intermediaries.

C. Due diligence prior to mergers and acquisitions deals

D. Due diligence prior to the sealing of UTE (temporary joint operations) and Joint Ventures agreements.

E. Purchase, payments, and contracts with third parties.

• Detection mechanisms

8.The Compliance System is regularly revised, improved, and updated.

9.Internal and external whistleblower policy for reporting in confidential manner.

10.Undertaking of designed audits that reaches each of the elements of the Compliance System.

 

1. Senior management commitment

Abengoa understands that the initial step for the efficient operation of the Compliance System is senior management commitment. Abengoa’s senior management is in charge of exemplifying its commitment, explicitly banning any non-compliance action with any national or international law, as well as backing the high standards of ethics that govern Abengoa’s internal culture.

The culture of compliance and rigour remain as intrinsic values of the Company. This is reflected in how Abengoa has pioneered the implementation of complete and strict internal standards and procedures certified through voluntary external audits, the results of which are made public to all its interest groups. Since 2007, Abengoa has been submitting its internal control system to external verification under the PCAOB (Public Company Accounting Oversight Board) standards, in conformity with requirements of section 404 of the Sarbanes-Oxley Act (SOX). Said verification was voluntary until 2014 when Abengoa’s admission to trade on the NASDAQ made it a requirement. Thus, Abengoa became the first Spanish company to voluntarily comply with a SOX internal control audit.

 

2. Chief Compliance Officer with direct access to the Board of    Directors, and sufficient resources and autonomy

Miguel Ángel Jiménez-Velasco Mazarío became Abengoa’s CCO in 2013. Formerly he was the Legal Services Director (1996-2012) and the Board of Directors Secretary (2003-2013).

The CCO heads the Compliance Department which is responsible for ensuring compliance and for the appropriate design of the Compliance System for the Prevention of Corruption. It is also in charge of establishing the content of the training to be given to the employees, and the internal communication plan for the Compliance System.

For the performance of all duties required in the Compliance System, the Compliance Department holds direct access to the resources of the Legal Services, Internal Audit, Human Resource, and Communication Department, among others.  At the same time, each business unit has an officer responsible for compliance tasks.

The autonomy of the Compliance Department is guaranteed by the direct dependence of the CCO from the Board of Directors, which is reported on all significant happenings of relevance. In addition, the CCO, together with the Internal Audit Director, receives all complaints made through the whistleblowing channel (described in depth in section 9).

A team of auditors specialized in fraud prevention (see section 10) are amongst the most significant resources at the disposal of the Compliance Department for ensuring appropriate compliance.

Compliance duties are organized as follows:

 

 3. Code of Conduct

Compliance with Abengoa’s Code of Professional Conduct is compulsory for all employees, management, and board member regardless of their jobs, location or subsidiary. The Code of Conduct is available on the Company’s intranet and may be accessed by all employees. It is also on Abengoa’s Website³ .

The Code of Conduct requires that work must be performed with Abengoa’s key standards and values. These include integrity, legality, professional rigour, confidentiality, quality, corporate culture, and compliance with the Shared Management Systems.

The Code of Conduct also explicitly demands that the staff in charge thereof must inform of any known or suspected criminal activity that may affect Abengoa or its employees. If while in the performance of his duty an employee discovers a suspicious activity or behaviour,  he is bound to report said violation of the laws, regulations, or standards of the Code of Conduct to the CCO. In addition, the employee is assured that the information shall be treated as confidential and shall be fully investigated and no reprisals shall be suffered for said report, except if the information is deliberately false.

The Code of Conduct also requests to avoid situations that may give rise to conflicts of interest. Should it be indicated, or in order to clarify the employee’s doubts or worries, said employee must contact the CCO.

The Code of Conduct defines the scope of compliance, which includes all regulation to which Abengoa may be subject, including standards of voluntary compliance, and highlights the importance the compliance with the US Foreign Corrupt Practices Act (FCPA), which is considered critical. The Code details the expectations and obligations entailed internationally for Abengoa and each of its companies and employees, as well as the need to scrupulously comply with the content of the Code.

Any exception or waiver of the Code of Conduct by a manager or board member is studied by the Board of Directors, and subsequently reported to the Shareholders’ Meeting in accordance with the applicable rules and regulations.

The non-compliance with the Code of Conduct may entail disciplinary measures that, depending on the nature and seriousness of the non-compliance, include the termination of the existing work relationship. Furthermore, any supervisor, director, manager, or board member who directs, approves, or consents to non-compliance, or who is aware of the existence thereof but fails to immediately report or correct it, shall be subject to disciplinary measures, including the termination of the existing work relationship.

The Code of Conduct is revised at a minimum annual frequency. Currently the latest version is dated June 3, 2014.

 

4. Employee training

Abengoa considers employee training paramount for the efficiency of the Compliance System. The initiatives include a compulsory training program for all Abengoa employees, with customized content on the Code of Conduct and the duties and obligations relating to anti-corruption, with special emphasis on the relevance of complying with the FCPA in particular.  Following the training, employees must confirm that he/she understands the matter, behaves, and shall behave in accordance with Abengoa’s Code of Conduct.

In addition, compulsory yearly Shared Management Systems courses are imparted, the scopes of which include the mechanisms, controls, and procedures related to the daily ongoing of the Compliance System.

On the other hand, Abengoa joined the ACFE Corporate Alliance on November 1, 2014. Said association helps companies with designed tools and training focused on the fight against fraud and corruption, and resources for obtaining the CFE (Certified Fraud Examiner) accreditation for those internal auditors involved in the prevention of fraud.

 

5. The Shared Management Systems are aligned with the Compliance System

The Shared Management Systems are the corner stone of Abengoa’s daily operations. Therefore, Abengoa understands that the Compliance System cannot be an independent complement. Rather it affects each of the policies, procedures, and internal standards potentially relating to risks-oriented areas.

Thus, Shared Management Systems are formed by four fundamental pillars:

The Compulsory Internal Norms (NOC). These include all Abengoa-specific corporate policies, including forms that should be filled in to request authorization in cases typified as such.

The Compulsory Procedures (POC). They include formalized descriptions of all internal controls and flowcharts of the operation and management of Abengoa’s financial information.

The Universal Risks Model (MUR). Abengoa’s risks management tool, described in detail in the next section.

Segregation of functions.

In the latter case, It should be highlighted that all processes were designed bearing in mind the functions incompatible among them. Therefore, there is appropriate segregation of function in the duties related with authorization, registration of transactions, maintenance, and custody of assets, for the purpose of reducing the possibility of incurring into errors or fraud during usual business activities. The assignment of functions is adapted to the characteristics of each subsidiary, business model, and management software in use.

All of the above is consistent with the COSO II implementation in Abengoa and the 17 principles representing the basic concepts of internal control, which happened during 2014. Specifically, principle number 8 is about the assessment of fraud risks, and requires to the company to consider the types of fraud, evaluate employee incentives and pressures, evaluate fraud-committing opportunities, and evaluate attitudes and rationalization of committing them.

 

6. Appropriate risks assessment

The Company has its own Overall Risks Management System that allows the control and identification of risks, including those related with irregularities in anti-corruption compliance. The system maintains a culture of frequent risks control that helps in ensuring the achievement of objectives in this area and in acquiring the capacity of both action as well as adaptation. The goal is to mitigate the threats that may be uncovered in the globalized and changeable environment.

Abengoa therefore has a tool known as Universal Risks Model (MUR) for the identification, understanding, and evaluation of risks. Said tool evaluates the risks based on a double criteria: probability of occurrence and impact on entity. Consequently, it permits to obtain an integral vision of the risks divided into four areas, of which one focuses on regulation, which gathers the risk categories related to regulations, laws, and codes of ethics and conduct. The Compliance System also includes the evaluation of specific risks based on the same criteria of probability of occurrence and impact on entity.

The management of the risks entailed in projects is essential to maintain Abengoa’s competitive advantage. Compulsory control mechanisms include:

Preliminary identification of risks before submitting a bid.

Analysis and quantification of risks, in a model that is homogeneous for all the subsidiaries.

The head of risk assessment is being directly involved with subsidiaries, in these duties.

Designed procedures for following up on critical projects. The scope range: customized documents, project follow-up meetings, reports to management committees, and project performance index generation and management.

 

7. Specific procedures for major risks areas:

Abengoa’s Shared Management Systems which regulate procedures in the ordinary activities of the Group are complemented by the design of control mechanisms over areas of higher potential risks in anti-corruption compliance.

7.a. Gifts and donations

The giving or acceptance of any kind of gift valued at over USD$50 is generally prohibited.  All exceptions, including donations and/or sponsorships, valued at over USD$50 must request specific authorization. The requirements include information on the receiver, accumulated amount for the last 12 months, control over usage and the destination, and signed commitments. In addition, donations and sponsorships are subject to additional due diligence process over the potential impact at anti-corruption level.

7.b. Procedures for hiring agencies and intermediation

All third party contracts geared towards signing a contract, specific goals or success with a client, public or private, whether direct or indirect, must undertake not to commit any irregularity in favour of Abengoa.

This obligation extends to all type of suppliers, whether sales agent, intermediary, consultancy services, management and/or sales consultancy, or any other function that could permit them to directly or indirectly act in protection or on behalf of the interests of Abengoa for a specific bid or business offer.

These contracts also necessarily require the communication of Abengoa’s commitments to anti-corruption measures and to due diligence prior to the contract signing, and a follow-up during its execution.

As described in section 10, the Internal Audit Department has permanent resources assigned to suppliers audits.

 7.c. Due diligence prior to mergers and acquisitions deals

Abengoa follows a series of established procedures before any attempts are made to acquire a company outside the group. These are mainly based on three mechanisms:

The review of all contractual terms and conditions by the Legal Services Corporate Department, ensuring that they are aligned with Abengoa’s Compliance System.

The performance of a complete due diligence, involving, when necessary, independent experts, that entails thorough revision of the acquired company in accounting, taxation, contractual, and legal terms. The latter includes a revision of possible irregularities in anti-corruption compliance prior to the acquisition.

Once the companies fall under Abengoa’s control, they must assume the same control environment as the rest of the group, for which, where necessary, they receive corporate support.

7.d. Due diligence prior to operations of sealing of UTE and Joint Ventures agreements.

Before forming a joint venture, UTE, consortium-style group, or analogous figure, some aspects are analyzed, including, among others: details of how said association is organized, equity structure, decision-making systems, relevant information on partners including due diligence, schedules of contract, commitment to the performance of anti-corruption laws, etc.

In addition, in the event that the respective consortium-style figure executes one of the operations for which formal internal approval is required, it needs to request for authorization from Abengoa by filling out the specific form. That includes the capacity to make offers to specific clients and the signing of contracts.

7.e. Purchase, payments and contracts with third parties.

Abengoa has procedures established on certain key processes of the Company. These are involved in ensuring the effectiveness of the Compliance System:

The purchasing process, through procedures aimed at ensuring that all purchase of materials and services correspond to actual and legitimate needs of the Company.

The treasury process, through payment procedures aimed at preventing the existence of unauthorized or irregular payments.

The legal affairs process, with procedures aimed at ensuring the appropriate analysis and authorization of legal actions.

 

 8. Continuous updating, revision and improvement of the Compliance System

In Abengoa, the Shared Management Systems are dynamic and evolve depending on the needs detected. Each internal process is assigned to someone in charge of centralizing and approving changes and updates. Said person analyses the initiatives proposed by each agent involved, ranging from the departments involved, to both internal as well as external auditors.

The Shared Management Systems underwent 49 updates in 2014, including 4 in connection with the Compliance System, sufficiently significant to communicate to all the employees.

 

 9. Internal and external whistleblower policy

Abengoa launched its whistleblowing channels in 2007. These provide direct channel of communication with the upper management and the governing bodies, used as means of reporting any possible irregularity, non-compliance, unethical, or illegal conduct or the breach of rules that govern the Company.

The channels available are:

Internal, available to all employees through email or ordinary mail.

External, accessible from the Abengoa Website⁴ , provides direct communication channel to anyone not related to the company.

Abengoa guarantees the fullest confidentiality for all those who report irregularities, and the absolute absence of reprisals for all complaints made in good faith.

The complaints are directly received by the CCO and by the Internal Audit Director. The Audit Committee formally concludes on investigations or measures that, as the case may be, should be implemented in relation with the complaints received.

In 2014, all the complaints reported were treated in accordance with the established internal procedures.

 

10.Designed audits

In 2012 Abengoa set up a fraud detection and prevention unit, which undergoes customized training in fraud and anti-corruption.  The unit has since been reinforced.

In 2014 the team was made up of 16 auditors, out of which 13 have experience working in some of the 4 major audit companies.   

The designed work plan of this unit is focused on preventive and dissuasive reviews, as well as on the analysis of the potential existence of irregular practices. There are also specialists in information technology, FCPA, and business intelligence. Said work group prepared more than 100 reports during the 2014 financial year.

There is no minimum materiality required for the taking of actions. However, the unit reviews all material works companies at minimum yearly frequency.

Finally, the Compliance Department has specific and permanent resources to perform  audits on suppliers. Furthermore, the Legal Services Department performs internal audits on legal compliance.